motivations and considerations for migrating from smtpd/sendmail to cssmtp

© 2015 IBM Corporation

Change is Coming: Motivation and Considerations for Migrating from SMTPD/Sendmail to CSSMTP

Sam Reynolds – [email protected]

ISPF and z/OS Communications Server Design

December 8, 2015

© 2015 IBM Corporation2

Agenda

• SMTPD / Sendmail / CSSMTP • Mail Migration Strategies • CSSMTP Migration Enablement • Appendix


SMTPD NJE Mail Gateway – provides both SMTP client and server roles • Heavily used application by batch jobs (limited TSO usage) • Gateway role – reads spool datasets and uses SMTP client

capability to send mail from z/OS • Provides SMTP server (listener) role to receive mail from

SMTP clients for delivery to TSO users or for forwarding • No support for IPv6 or TLS/SSL • Does not scale well

SMTPD


Sendmail

Sendmail – provides both SMTP client and server roles • Provides SMTP server (listener) role to receive mail from

SMTP clients for delivery to Unix mail boxes or for forwarding

• Not heavily used on z/OS • Limited usage by tooling and applications to send mail from

z/OS


Out with the old, In with the new

• V2R2 announcement includes an SOD (Statement of Direction) that V2R2 will be the last z/OS release to include SMTPD and sendmail

• CSSMTP NJE mail gateway is the strategic z/OS SMTP transport • Introduced in z/OS V1R11 to address the aging SMTPD

NJE Gateway


CSSMTP

• Provides the NJE mail gateway role • Sends mail from spool using SMTP (outbound email focus) • Many customers have already migrated

• Advantages over SMTPD NJE Gateway • Performance and scalability is significantly better

• CSSMTP was 4.5 times faster sending 4000 emails while using half the CPU of SMTPD in IBM benchmarks

• Supports newer mail standards • Support for IPv6 and AT-TLS • Uses system translation services

• In a survey of z/OS Communications Server users in early 2014, over 1/3 had already migrated to CSSMTP


CSSMTP …

There are some limitations: • Does not provide an SMTP listener capability

• No inbound email support • No delivery of mail to TSO users

• Stricter enforcement of SMTP standards • Some emails that were accepted by SMTPD NJE get rejected

by CSSMTP • Several restrictions have already been addressed via APAR

• Allows CSSMTP to accept and process these emails


Mail Migration Strategy: Sendmail

IBM will provide a replacement sendmail command that will perform as a “thin gateway SMTP client” for sending mail: • Will stage the mail message to spool for CSSMTP to send outbound • Applications using the sendmail client could function seamlessly • Will require some administrative changes to migrate to CSSMTP • Will only provide functional support for message formats that

CSSMTP already supports • CSSMTP will not be enhanced to support functions that sendmail

provides that it does not already support • e.g. 8BITMIME (RFC 6152) • A more complete list of supported and unsupported functions

will be made available at a later time


Sendmail Alternative: Postfix

• Sendmail has been deprecated in RHEL and SUSE • The community replacement is Postfix

• Postfix includes interfaces that are compatible with sendmail and is a full sendmail replacement

• Can send, receive, forward, etc. • More info: www.postfix.org

• IBM has no plans to provide Postfix in z/OS Communications Server

• Postfix is planned to be available on z/OS through third party alternatives

• Rocket Software ported tools for z/OS • A beta build for their port is at: http://www.rocketsoftware.com/

rocket-ported-tools-download-request • Other third party solutions may become available


• CSSMTP has stricter standards than SMTP • How do you verify that CSSMTP will process your existing mail

messages? • V2R2 function: CSSMTP test mode

• A new configuration parameter that causes CSSMTP to run in Test Mode • CSSMTP will perform its normal email processing, except it will not

actually send emails • It will report email failures and discard successful emails • You can address incompatible emails before migrating to CSSMTP

• SMTPD continues to process your mail messages • Production emails are unaffected during the test

• EZBMCOPY • Utility program provided by IBM to copy JES email messages to two

destinations, SMTPD and CSSMTP •This is available on V2R1 via APAR PI48700

Mail Migration Strategy: SMTPD


TEST Mode/EZBMCOPY architecture

z/OS application

SPOOL TSO user

EZBMCOPY

SMTPD

CSSMTP (test mode)

SMTPD

SMTPD1

CSSMTP

email error


CSSMTP Test Mode

• Notes on TestMode: • TestMode cannot be dynamically altered. CSSMTP must be recycled

to change its value • If no errors are found in a spool file, CSSMTP will release spool files

when it has completed processing. If errors are found, CSSMTP will honor the setting of BADSPOOLDISP

• Make sure the REPORT statement is coded with a valid destination for the error report. Warning message EZD1841I is issued if it is not.

• Parameters on the CSSMTP Options statement:

>>--Options-----| Put Braces and Parameters on Separate Lines |--><

Options Parameters:

+--TestMode NO------+

|----+-------------------+----->

+--TestMode-+-NO--+-+

+-YES-+


CSSMTP display config

The new configuration parameter is also externalized using the CSSMTP SMF configuration record (CONFIG subtype 48)

F CSSMTP,DISPLAY,CONFIG EZD1829I CSSMTP CONFIGURATION: CONFIGFILENAME : /U/USER1/CSSMTP/CSSMTP.CONF

[…]

BADSPOOLDISP : HOLD REPORT : SYSOUT OPTIONS: NULLTRUNC : NO DATALINETRUNC : NO TESTMODE: : NO […]


EZBMCOPY

• Parm value: •WRITER=w Select program name (writer name) w

• EZBMCOPY assumes the writer name specified by the WRITER parameter. It selects spool files in two ways: •The file's writer name matches the WRITER parameter, or •The file's destination matches the WRITER parameter

Then it makes as many copies as there are OUTPUT cards in the JCL, then deallocates the original data set •Restriction: a maximum of two output cards can be coded


EZBMCOPY usage example

• Assume the JCL shown here and SMTPD running with writer name SMTPD. (note: SMTPD's writer name is its jobname) •Change the writer name of SMTPD to SMTPD1 for this test by changing its jobname to SMTPD1 •Start CSSMTP in TESTMODE with writer name CSSMTP •Start EZBMCOPY using the example JCL above

//EZBMCOPY PROC //STEP EXEC PGM=EZBMCOPY PARM='WRITER=SMTPD' //OUT1 OUTPUT WRITER=SMTPD1 //OUT2 OUTPUT WRITER=CSSMTP //STEPLIB DD DSN=JES2.TESTING.LOAD,DISP=SHR //SYSUT2 DD SYSOUT=*,SPIN=UNALLOC,OUTPUT=(*.OUT1,*.OUT2) //SYSPRINT DD SYSOUT=* //SYSIN DD DUMMY


AT-TLS performance

• Requirements to encrypt all email are becoming more common. TLS between mail servers is a common method •CSSMTP supports and interoperates with TCP/IP's AT-TLS support

• TLS negotiation between hosts requires several flows back and forth on a TCP connection, before data can flow •This would be required whenever CSSMTP connects to a downstream mail server

•CSSMTP disconnects after finishing the last email in a JES spool file, and reconnects when starting the next spool file •When JES spool files contain large numbers of emails, the extra TLS flows are insignificant •But if a customer has multiple JES spool files with only a few or even just one email, the AT-TLS burden becomes more significant


Provide additional configuration options for CSSMTP

• CSSMTP is providing a new configuration switch: •The switch controls how long CSSMTP keeps connections with mail servers after it finishes processing a JES spool file

•The default behavior is to disconnect right away (current behavior) •You may want to set this switch to a longer value if your installation produces a lot of spool files that contain only one, or a few, emails.

•This is available on V2R1 via APAR PI38893


New CSSMTP configuration

New parameter on the Timeout statement:>>--Timeout-------| Put Braces and Parameters on Separate Lines |--><

[....]

+-MailCmd 300------+ +-RCPTCmd 300------+ +-ConnectIdle 0 -------+ >--+------------------+----+------------------+--+----------------------+-----> +-MailCmd seconds--+ +-RCPTCmd seconds--+ +-ConnectIdle seconds--+


CSSMTP display

• MODIFY CSSMTP,DISPLAY,CONFIG will show the new parameters

• The new configuration parameters are also externalized using the CSSMTP SMF configuration record (CONFIG subtype 48)

EZD1829I CSSMTP CONFIGURATION: CONFIGFILENAME : /U/USER1/CSSMTP/CSSMTP.CONF

[…]

OPTIONS: NULLTRUNC : NO DATALINETRUNC : NO TESTMODE: : NO

[…] TIMEOUT: ANYCMD : 300 CONNECTRETRY : 120 DATABLOCK : 180 DATAINIT : 120 DATATERM : 600 INITIALMSG : 300 MAILCMD : 300 RPCTCMD : 300 CONNECTIDLE : 60

[…]


Thank You!


Appendix


Statement of Direction: z/OS Communications Server Internet mail applications: Sendmail and SMTPD (Issued July 28, 2015)

As previously announced in Hardware Announcement 114-009, dated February 24, 2014, the Simple Mail Transport Protocol Network Job Entry (SMTPD NJE) Mail Gateway and Sendmail mail transports are planned to be removed from z/OS. IBM now plans for z/OS V2.2 to be the last release to include these functions. If you use the SMTPD NJE Gateway to send mail, IBM recommends you use the existing CSSMTP SMTP NJE Mail Gateway instead. In that same announcement, IBM announced plans to provide a replacement program for the Sendmail client that would not require programming changes. Those plans have changed, and IBM now plans to provide a compatible subset of functions for Sendmail in the replacement program and to announce those functions in the future. Programming changes or alternative solutions to currently provided Sendmail functions might be required. No replacement function is planned in z/OS Communications Server to support using SMTPD or Sendmail as a (SMTP) server for receiving mail for delivery to local TSO/E or z/OS UNIX System Services user mailboxes, or for forwarding mail to other destinations.